Model S Software/Firmware Updates

[steve841]

It's great Tesla can make update that affect core elements of the car, but the ex-medical software engineer in me is a bit horrified. We had to pass FDA clearance on every software release to prove we'd do no harm. Tesla is making changes to how the car actually drives, the motor, the regen, etc. Some of that is literally in the realm of life critical safety. God forbid a bug occur where some race condition causes the "creep" feature to floor the accelerator. And before anyone says "that won't happen", first I'm a developer and I can assure you it's tremendously hard to prove it won't (whole realms of research exist on such things), and second I refer you to classics on how this stuff occurs such as the Therac-25 where obscure bugs literally killed people.

Updates that are just UI stuff, I'm good (which is the vast bulk of this 4.0 update, except a "throttle control" bit). Updates that affect actual motor/drive/steering functionality, I really want the government to come up to speed and regulate those releases the same way they do other safety critical devices. Can you imagine airline software updated that way? Air traffic control? Pacemakers? Even if I have faith in Tesla, there needs to be independent checks and balances on critical software changes.

The libertarian in me reminds you that Tesla values their reputation and does not want any liability issues and I am completely comfortable that they have tested any drivetrain related items thoroughly.

The "government" save us mentality is why a kid cant open a lemonaide stand anymore without being arrested on public health charges.

[Zythryn]

It's great Tesla can make update that affect core elements of the car, but the ex-medical software engineer in me is a bit horrified...

Do you think their updates undergo any less testing than other manufacturers?
To simplify things, lets say the updates at all companies have 200 of testing. If Tesla also does 200 hours of testing, why does it matter if they send you a letter to have you call them, to set up an appointment, to bring your car into the shop to install the update while you wait OR have it downloaded overnight while you sleep?
The testing is not what changes, the method of delivery is.

[SteveH]

Zythryn - You are definitely correct that the method of delivery is changing, but I would say the frequency and impact of the updates are changing too. Listen to all of the good ideas we have on this site for new features. Tesla is naturally going to want to make their customer base happy and rollout as many as they can as fast as they can. The fact that the car is updated without going into a shop means that Tesla could and, probably will initially, release several major updates a year. When have you seen that from another auto manufacturer?

The commercial pressure to keep release new features will be stronger for Tesla because of the capabilities of the touchscreen than for any other company. I hope that they never bow to those pressures and release software that hasn't been fully tested, but as ckessel points out they likely will. The fact is some minor bugs are already being seen. None currently impact safety and we will have to hope that Tesla has the controls in place to ensure that safety is never impacted.

[Rodolfo Paiz]

It's great Tesla can make update that affect core elements of the car, but the ex-medical software engineer in me is a bit horrified. We had to pass FDA clearance on every software release to prove we'd do no harm. Tesla is making changes to how the car actually drives, the motor, the regen, etc. Some of that is literally in the realm of life critical safety. God forbid a bug occur where some race condition causes the "creep" feature to floor the accelerator. [...] Updates that affect actual motor/drive/steering functionality, I really want the government to come up to speed and regulate those releases the same way they do other safety critical devices. Can you imagine airline software updated that way? Air traffic control? Pacemakers? Even if I have faith in Tesla, there needs to be independent checks and balances on critical software changes.

I fully agree that some parts of the software are safety-critical and those deserve much, much, MUCH tighter scrutiny and controls than other parts of the codebase. I also agree with you that, because we're all human, someday a problem will almost surely happen, and we can but pray that it doesn't kill anyone.

That being said, I disagree with your proposed solution. The FDA is fundamentally broken, with science being all the way at the back of the bus and lobbying/corruption driving. The air-traffic-control software is, if at all possible, even worse. The FAA is billions over budget and years behind schedule on just doing the basics right... the system is safe because pilots and controllers keep it so, but no (or not much) thanks to the guvmint.

Government oversight is great for some things, and absolutely necessary for others: but in this case, I think you're giving it WAY too much credit. I have no faith that a government programmer is highly likely to spot a code problem in Tesla code and/or that the potential safety benefit of that attempt is worth the huge cost (in time, money, resources, delays to customers, and just reduction of the overall value of the product) this would entail. Government oversight of firmware revisions is not, IMHO, the answer here.

[ClearwaterBchSteve]

I fully agree that some parts of the software are safety-critical and those deserve much, much, MUCH tighter scrutiny and controls than other parts of the codebase. I also agree with you that, because we're all human, someday a problem will almost surely happen, and we can but pray that it doesn't kill anyone.

That being said, I disagree with your proposed solution. The FDA is fundamentally broken, with science being all the way at the back of the bus and lobbying/corruption driving. The air-traffic-control software is, if at all possible, even worse. The FAA is billions over budget and years behind schedule on just doing the basics right... the system is safe because pilots and controllers keep it so, but no (or not much) thanks to the guvmint.

Government oversight is great for some things, and absolutely necessary for others: but in this case, I think you're giving it WAY too much credit. I have no faith that a government programmer is highly likely to spot a code problem in Tesla code and/or that the potential safety benefit of that attempt is worth the huge cost (in time, money, resources, delays to customers, and just reduction of the overall value of the product) this would entail. Government oversight of firmware revisions is not, IMHO, the answer here.

Agreed. If the gov had been required to approve all Model S software updates, there would be none on the road. We've put our faith in the company as a whole by plunking down some serious money on what could still be considered somewhat of a concept car. I design complex transportation dispatch software and I can only imagine that the code operating the S is extremely sophisticated and based on the reliability so far, well designed. We need to believe that the Tesla engineers rigorously test new SW builds in actual cars on the track before rolling out to customers. After all, Tesla's sister company is SpaceX and they have figured out how to dock with the ISS. I would guess that there is some cross-pollination of talent there. I'm ready to get behind the wheel and bet on the Tesla team.

[Zextraterrestrial]

You want to waste more tax money ? The updates don't change anything about the car that isn't there already. They are just tweaking things. Changing throttle response can be done in almost all ice cars as well

ot a bit but I usually am ;>

[dsm363]

We should probably reserve discussion about politics for off topic area, I agree.

Anyone had issues with 4.0 update?

[Zythryn]

Zythryn - You are definitely correct that the method of delivery is changing, but I would say the frequency and impact of the updates are changing too. Listen to all of the good ideas we have on this site for new features. Tesla is naturally going to want to make their customer base happy and rollout as many as they can as fast as they can. The fact that the car is updated without going into a shop means that Tesla could and, probably will initially, release several major updates a year. When have you seen that from another auto manufacturer?
...

Never, it is one of the things that makes Tesla an improvement over the old guard
You are running under the assumption that they can't do this as quickly without safety issues. I am assuming they take every care to do so safely as any responsible business should.

There are lots of things Tesla is doing that other auto companies don't do. I think all of them have been an improvement in how enjoyable and useful the car is, how easy it is to take care of, and what a pleasure Tesla is to deal with (especially their service guys, on the rare occasions that I deal with them).

- - - Updated - - -

DMS:
Yes, we did have an issue with the update. Nothing that stopped us from using the car, it only caused a screen blinking when the car was parked and off.
They pushed out an update that night and it cleared it right up.

[DrComputer]

This is worse than Christmas... at least you know which day you get to wake up and open the presents under the tree. I've gone out to the garage every day this week hoping to see the update screen just to find nothing. Oh well, hopefully soon.

[ckessel]

*sigh*. I've directly worked on life critical systems and know the elements involved. The zealous rejection of the value of independent oversight makes me sad. Even if Tesla is a paragon of virtue, other's won't be. The whole free market approach involving "reputation" and such is reactionary, it happens after people die.

Such unrestricted updates concern me as this is something that will only grow across all vendors. If it doesn't concern someone else, I understand even if I don't agree.